How to loose 3,000,000+ gold and don't get it back... The story of the magical hack.

[ketrish]

Code:

Hi there.My story with WoW is long but from I think WoTLK/Cata I've been enjoying another form of entertainment - the gold making. Today and back then for gold you could legally buy yourself for it almost everything what game offers - mounts, boosts, tradeable TCG and so go on. Those things I've done with trusted (battlenet friends who for instance are / were winning conquests) people like friends or top realm guilds. Never been scammed by anyone (besides once in Vanilla where I didn't know back then what scam was - learned fast after my 'first'time') and never cheated anyone. Also recently I've been organising plethora (60+ weekly) of mount runs in which some people got their mouts. Back to the topic - my accounts were stolen twice in my WoW's history. The 2nd time happened me recently (07.09.2014) and this time it was well performed if I could say that. Pattern goes this way:
1. Account was I think protected with everything possible.
2. Mail was also protected.
3. Passwords let's say were 'normal' (e.g. 'dEwa*3j2(21x)8Daq' etc.) so brute force is out of the possibility.
4. From time perspective I've noticed one strange thing - router behavoir where pings were insane, disconnect and everything what you can think of. Few days before the attack he went mad. I tought it was about config, checked other devices and on them it was normal if I could say so. Day or two ago I had to plug it again due some features which he has. Then I didn't remember or didn't connect dots around it but after few hours from the attack and some dowloading & monitoring it was just fine. I'm just saying it - maybe a coincidence, maybe not. In those terms ARP spoofing comes but too much 'fun' with it is required (at least IMHO).
5. Attack/Theft was 'windowed'. That means if I was playing in Sunday around 2-4AM and then I went off it happened before next log in - afternoon same day. 8h window more or less which is more interesting.
6. When I tried to log in - poof. No account, no nothing. Ok I think some !@#$ I have to do so I went to mailbox - nothing. Hmm....Checking history....nothing. Ok - I'm trying to get on wow-europe account - also poof. 
7. I had other backup account from times before dinosaurs so from that I've asked (via chat) and got quite fast help (few mins). I must say that GMs' service was good if I could say about their job in that way but the time waiting for rollback (incoming soon the best part) was a nightmare. If contact to GM took minutes and talks around 1-2 hours, waiting took 24h -.-.
8. Theft stole and then sold my account somewhere. I tried to locate it on markets which I've got knowledge about but nothing.
9. When I've got back my account - the chaos came. After log...<in this moment I'm missing English words for describing the situation>... well account was divided - some chars were transfered with names' changed, of course gold poofed (about that in a moment), some items god knows where from came up at my mailbox (I can only assume theft/buyer traded gold for them or something) and so go on. If I'd have to describe what I saw in few words -%^-*storm with flying exploding sheeps (yeah those one from Worms :P).
10. Like I said GMs ran a machine of restoration which so far is 'restorting' my chars to my orginal realm etc. but the best part goes now (I've tried to translate it as best as I could and containing the essence of it) : 'we can restore only some part of your items'. When I've asked about gold well in big short form : 'no'.
10.1. Update :: After I've got functional more or less account most of the items are back. Missing 1 item I think on main (picture #2, marked with red block) and I can't remember what was there.
11. If you've came to this point then I've pointed that I've been hacked twice. 1st time was in WoTLK where I had like 170k+. It wasn't problem back then to restore it then I'm curious why it's now. Maybe due the amount.
12. I've ran system with Kaspersky/AVG/Spybot/Malware/and some register cleanining tools and nothing besides few tracking cookies and some !@#$ from Eclipse (Java & Oracle) which were casued by overprotective tools.
13. I've asked a friend who is in TCG/trading business to ask his friends/buyers/sellers (name them whatever you want) if he would have anyone of his freidns had the similar/same 'actions'. He responed that there was only once known scenario as mine. Back then account also just poofed in thin air in short window frame.
14. Screenshot (picture #1 & #3) included below this post confirms mentioned in topic's name amount of gold which I 'had'/or will have if Blizz will decide to restore it. Please don't ask something like 'how to make gold' etc. I've made and published (for free) most of my knowledge as a guide (knowledge or some of her part should be free :P) on forum - http://!*!%#@%**##!*!#@#%*%*/forums/world-of-warcraft/world-of-warcraft-guides/429375-goblins-guide.html. Some of you may say exploiter/cheater/using OC so he deserve himself.Hmm... if there would be a regular gunfight near your house every day wouldn't you like to know what to avoid/how to defend yourself ?
15. A little update from tickets which are now being updates. My chars can stuck for 'weeks before restoring' (due realms' merge).
15.1. Update :: Restoring chars took 1 afternoon.
16. I don't want to look like prick/coxcomb or something like that but there comes a question (sorry I just have it - to question everything, well almost everything but nevermind) - if it's not possible to track down currency in game then everyone at this stage of game can steal without consequences because I don't know ? A merge ? Again it's only a question.
17. After restoration / rollback I still don't have access to my guilds (characters : ketbank & resender) which I've created (thefts are still in control at least as "Guild Masters"), I didn't get back my gold (even there are logs - gold requires mail/trade/etc to move from A to B, my saves (alt : illbeback) are gone also (I've used them to farm with friends mounts) & my BN friendlist is cleared (I also asked to restore it if there would be a possibility).


Proof of gold making history - http://postimg.org/image/nyb6dyjkb/full/ (#1) & http://postimg.org/image/dq0dyekab/full/ (#3)
Picture #2 - http://postimg.org/image/r4zqy2f8f/ picture


My suspicions are :
1. #4 ARP spoofing or MiTM attack but at least in my opionion it would be too risky.
2. Malware etc but also if software mentioned in point #12 can't protect a user then I don't know what - 10 firewalls with 10 anti-malwares ?
3. The latest tought which came to my mind. A guild bank exploit / 0day. I did create those guilds with people but they have been removed after guild was made.
Without any knowledge from technical side I can oly speculate based on things what I've done and my experience of using Internet.


TL;DR
I've been enjoying game via gold making and making fun of it. Got hacked (details above). My chars are stuck for 3 days now with possibility of staying this way (according to point #15) up to few weeks (update #15.1). I ain't going to get back my gold (3mln+-) & maybe just some items. So I you will be ever hacked on merged realm then pray to be poor or don't have unique items & gold guide link is at #14.
Ps poof = evaporate


Summarizing
Leaving like 2 months before expansion with chars and no gold provides no reason to continue playing because I've arleady had scheduled 500-700k to spend on 'services' from boosters, anoder few hundred on TCG and more for 'stockpiling' for launch.
To anyone blue (GM or above) - my intention was not to offend anyone, cause someone troubles and so go on but to present it from my full perspective and possibility weaknesses of the system somewhere so please don't be mad.


Best regards 
Ket

It's my story - orginal topic on Blizzard's forum :: How to loose 3,000,000+ gold and don't get it back. - Forums - World of Warcraft
2 more cents from me:
cent #1 - if you have any ideas how the trick was done - I'm curious
cent #2 - merged realm ? steal as much you can since Blizzard can't track it down (sadly for me)

[CreativeXtent]

can we get a tl:dr?

[ev0]

can we get a tl:dr?

he lost gold

[Trixiap]

he lost gold

And didn't get them back

[CreativeXtent]

he lost gold

must be tuff

[ketrish]

tl;dr
auth/phone/normal pass and so go on with the brain are providing way to magicly poof your account - question is how

[Trixiap]

Abraka kedavra poof
*Compromised accounts* Potential Trojan - Forums - World of Warcraft

tl;dr trojan

Ps. Blizz is not recovering golds as you find out.

Edit: Maybe connected http://thenextweb.com/google/2014/09...s-compromised/

[Obama 2.0]

dat word wrap.

[ketrish]

didn't know that but thanks for the tip...
if you'd ran through my post you'd notice that to check if there was anything i've used : avg/kaspersky/malware antibytes & others - spybot, registry cleaner which didn't find anythig (tracking cookies or pseudo malware downloaded from official oracle website - aka some files of eclipse are out of the option) but anyway i've looked into topic and only rundll32 files were comming from system folder as no "disker" etc in any other temporary folders - i've got too old machine to allow myself not to control any not needed stuff in autorun
only thing what i've discovered in autorun is Malware scan of adirasx64.exe (adiras Application) a329ba735615b0848744694431cb2be08a9d9b3f - herdProtect but recently i've installed old modem to test if it was router fault (those dcs etc) with drivers provided by my Internet provider so they should be ok ;p
about gmail - i didn't use it when it happened besides it's relevant tbh - even if i would use it then - leak was few hours ago right ? my account poofed in sunday
thanks for trying to help in understanding

ps interesting list with gmail but with translation of the 1 message of the victims who posted on kind of blog : he lost his acc 11 months ago so someoe was farming them for some time

[Augury13]

Did you play Horde in Vanilla on US? I remember some really badass Ket.. Took like raids of us to take him down.

[ketrish]

I did play vanilla but never as horde mate

[Andreaspenna]

he lost gold

your reputation 666 nice one

[*Phaze]

Id' be gutted if this were to happen to me!

[Cheengle]

Huge bummer, would kill to even have 3m... sorry for your loss :/

[Aceswild161]

Interesting story, I had something close to that happen. I logged out over the weekend, with nothing strange going on, had about 280k on me. Woke up the next morning from a text that was from my brother asking if I was pulling an all nighter on wow. Looked at the comp and logged in, strange, found my mage in SW when I know she was in the shrine the night before. Then realized that everything was gone, but caught them in the middle of it, secured the comp, ran a scan found 1 piece of malware, but I guess where ours differ was the GM's restored everything on my account within 4 hours after doing the live chat method via battlenet.

Good luck though.